Hi, I am on W3C's WSC WG and have been asked to review the proposed
Access Control for Cross-Site Requests capability. I also had some
feedback from MITRE's infosec community and came up with the following
items.
The Access Control for cross-site requests extension appears to have a
major impact to a web servers Information Assurance (IA) model and may
have profound effects on security agreements in place that govern use
of the web server. If a client becomes a Policy Decision Point for a
server, the server must rely on the clients IA capabilities and
robustness of IA controls in place for the client to ensure that the
server and applications hosted on the server are not compromised.
Given the considerations noted above, the proposed Access Control for
cross-site requests must take into consideration the following
capabilities.
1. The cross-site scripting protocol must include strong
cryptographic mechanisms to ensure that the server can restrict use of
the capabilities to authenticated and authorized clients.
2. The protocol must provide the ability for a server to support
fine grained access control. e.g. a server should be able to limit
write access to a specific client noted in item 1.
3. Protocol must be able to restrict inheritance of a clients
access control rights by other clients.
4. Resources must be protected until access is granted; the
security consideration that resources are not revealed is not strong
enough.
Regards,
Bill Doyle
wdoyle@mitre.org